Static task
static1
Behavioral task
behavioral1
Sample
NEAS.66e96ee81bba9e13bbad9853ce0ab4e0.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.66e96ee81bba9e13bbad9853ce0ab4e0.exe
Resource
win10v2004-20231020-en
General
-
Target
NEAS.66e96ee81bba9e13bbad9853ce0ab4e0.exe
-
Size
5.6MB
-
MD5
66e96ee81bba9e13bbad9853ce0ab4e0
-
SHA1
582ae6e9d48e0b7b70adabb14b6a38e0b93be215
-
SHA256
2174852aa11a5253472cf142260c73f4372093dabe5ac1e1c8ab20a11bc4e30d
-
SHA512
ded8875bc279f44aaa6a094f12580c15d440317f31610e20f2772cee633884b344fed70d336dedc4b994e95c9f3463b293b9b691997e49fc8aad118892c8468c
-
SSDEEP
98304:ooMz3scRpgSM8vkVFZ6qZcuBnA7MayKsnLITCtjE7aMJ0Atn+9fYVO:cz3jgSM1QuBnAAactjE7B0Ad+dYVO
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature on the sample.
resource NEAS.66e96ee81bba9e13bbad9853ce0ab4e0.exe
Files
-
NEAS.66e96ee81bba9e13bbad9853ce0ab4e0.exe.exe windows:4 windows x86
369c9cc5bffab229835c639c6f66fc8d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
d3dx9_26
D3DXLoadSurfaceFromSurface
D3DXSaveTextureToFileA
D3DXPlaneIntersectLine
D3DXLoadMeshFromXA
D3DXGeneratePMesh
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateCubeTextureFromFileExA
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileExA
D3DXComputeNormals
D3DXCreateTexture
D3DXMatrixRotationYawPitchRoll
D3DXVec4Normalize
D3DXLoadMeshHierarchyFromXA
D3DXFrameCalculateBoundingSphere
D3DXQuaternionInverse
D3DXVec3CatmullRom
D3DXPlaneFromPointNormal
D3DXMatrixRotationAxis
D3DXVec2Normalize
D3DXQuaternionSquadSetup
D3DXQuaternionSquad
D3DXVec3TransformNormal
D3DXMatrixRotationX
D3DXMatrixRotationY
D3DXMatrixRotationZ
D3DXPlaneFromPoints
D3DXMatrixLookAtLH
D3DXMatrixPerspectiveFovLH
D3DXVec3TransformCoord
D3DXPlaneTransform
D3DXMatrixTranslation
D3DXQuaternionRotationYawPitchRoll
D3DXMatrixScaling
D3DXMatrixTranspose
D3DXVec3Normalize
D3DXCreateMeshFVF
D3DXGetFVFVertexSize
D3DXMatrixInverse
D3DXVec3Project
D3DXQuaternionSlerp
D3DXQuaternionNormalize
D3DXMatrixRotationQuaternion
D3DXQuaternionMultiply
D3DXMatrixMultiply
D3DXValidMesh
D3DXWeldVertices
D3DXCleanMesh
D3DXCreateFontIndirectA
D3DXQuaternionRotationAxis
d3dxof
DirectXFileCreate
dbghelp
MiniDumpWriteDump
tbb
?terminate@task_scheduler_init@tbb@@QAEXXZ
?initialize@task_scheduler_init@tbb@@QAEXH@Z
mfc71
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4261
ord3195
ord620
ord2368
ord1903
ord6275
ord2991
ord572
ord589
ord330
ord709
ord4001
ord5641
ord502
ord4123
ord501
ord1439
ord6288
ord629
ord5089
ord384
ord1263
ord3605
ord3596
ord760
ord3908
ord745
ord2272
ord1123
ord6099
ord4067
ord664
ord5431
ord427
ord3850
ord6166
ord298
ord6168
ord6173
ord4085
ord2271
ord1614
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord577
ord3996
ord283
ord5446
ord1916
ord6179
ord5716
ord1191
ord1187
ord1084
ord297
ord304
ord5563
ord2451
ord578
ord781
ord3997
ord5529
ord784
ord310
ord764
ord762
ord266
ord1482
ord265
ord2322
ord911
ord663
ord426
ord4066
ord6167
ord5469
ord869
ord3022
ord2292
ord5491
ord308
ord785
ord1489
ord299
ord2933
ord5710
ord4109
ord6138
ord2131
ord907
ord2469
ord5490
ord6006
ord5715
ord908
ord5403
ord2468
ord1185
ord4081
ord557
ord865
ord631
ord2280
ord386
ord6090
ord5613
ord4125
ord5833
ord2372
ord1440
ord2748
ord2751
ord3931
ord2288
ord3684
ord1554
ord5915
ord1620
ord1617
ord3946
ord1402
ord4244
ord5152
ord1908
ord5073
ord4185
ord5214
ord3403
ord4722
ord4282
ord1600
ord5960
ord923
ord928
ord932
ord930
ord934
ord2410
ord2394
ord2413
ord2408
ord2385
msvcr71
free
_except_handler3
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
_CxxThrowException
_mbstok
_mbscmp
??1exception@@UAE@XZ
??0exception@@QAE@XZ
strtok
_vsnprintf
_purecall
sprintf
memmove
_time64
srand
time
atoi
fclose
fgets
fopen
_beginthreadex
_mktime64
fprintf
system
_strtime
_strdate
strftime
localtime
difftime
_snprintf
_localtime64
floor
rand
wcslen
strrchr
_strlwr
_stricmp
strncpy
fseek
fread
fwrite
ftell
_close
_creat
_errno
_splitpath
tolower
_CIasin
_CIacos
_CIpow
_CIfmod
_strcmpi
_strrev
calloc
_ismbcdigit
ldexp
frexp
memchr
atof
realloc
getc
ceil
qsort
_controlfp
_atoi64
toupper
_snwprintf
isspace
isalpha
isalnum
strncmp
strchr
strstr
fscanf
_ftol
memset
??1type_info@@UAE@XZ
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
__dllonexit
_onexit
__security_error_handler
malloc
kernel32
SleepEx
LockResource
SizeofResource
LoadResource
FindResourceA
ResetEvent
WaitForMultipleObjects
ExitProcess
GetStartupInfoA
CreateToolhelp32Snapshot
Process32First
OpenProcess
Process32Next
lstrcpynA
SetFilePointer
IsDebuggerPresent
lstrcatA
GetSystemTimeAsFileTime
VirtualQuery
FileTimeToLocalFileTime
FileTimeToDosDateTime
RaiseException
GetCurrentThreadId
GetCurrentProcessId
GlobalMemoryStatus
MulDiv
GetFileSize
IsDBCSLeadByteEx
GetModuleHandleA
WriteFile
GetFileTime
OutputDebugStringA
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileA
CreateDirectoryA
CreateProcessA
LocalFree
GetProcAddress
FreeLibrary
LoadLibraryA
GetCurrentProcess
GetPriorityClass
SetPriorityClass
GetSystemInfo
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateEventA
SetThreadPriority
ResumeThread
SetThreadIdealProcessor
GetQueuedCompletionStatus
GetTickCount
PostQueuedCompletionStatus
HeapFree
GetProcessHeap
HeapAlloc
CreateIoCompletionPort
SetEvent
WaitForSingleObject
CloseHandle
lstrcpyA
Sleep
GetModuleFileNameA
GetCurrentDirectoryA
lstrlenA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetACP
user32
GetSystemMetrics
GetDlgItemTextA
SetDlgItemTextA
EndDialog
ShowWindow
LoadIconA
DestroyMenu
TrackPopupMenu
SetForegroundWindow
GetCursorPos
GetSubMenu
EnableWindow
SetTimer
GetDlgItem
SetWindowTextA
ModifyMenuA
KillTimer
DialogBoxParamA
MsgWaitForMultipleObjects
SetWindowPos
GetWindowLongA
SetWindowLongA
GetWindowTextA
SendMessageA
SendMessageTimeoutA
SendMessageCallbackA
PostMessageA
SetCursorPos
GetClientRect
GetWindowRect
SetFocus
keybd_event
GetKeyState
ShowCursor
AdjustWindowRectEx
MoveWindow
wsprintfA
wvsprintfA
GetKeyboardLayout
ShowCaret
HideCaret
SetCaretPos
GetCaretPos
CreateCaret
InvalidateRect
InvertRect
FillRect
GetFocus
MessageBoxA
LoadMenuA
gdi32
GetTextMetricsA
CreateFontA
GetTextExtentPoint32A
SetBkColor
ExtTextOutA
TextOutW
CreateFontIndirectA
SetTextColor
ExtTextOutW
CreateDIBSection
SetMapMode
CreateFontW
GetDeviceCaps
DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC
GetTextExtentPoint32W
GetStockObject
CreateSolidBrush
SetBkMode
advapi32
CryptDestroyHash
CryptCreateHash
GetUserNameA
CryptDecrypt
CryptDeriveKey
CryptEncrypt
CryptDestroyKey
CryptHashData
CryptReleaseContext
CryptAcquireContextA
shell32
Shell_NotifyIconA
SHGetSpecialFolderPathA
shlwapi
PathFileExistsA
oleaut32
VariantClear
msvcp71
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JHH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?pbackfail@strstreambuf@std@@MAEHH@Z
?overflow@strstreambuf@std@@MAEHH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1strstreambuf@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
??1strstream@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?freeze@strstreambuf@std@@QAEX_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?clear@ios_base@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?uncaught_exception@std@@YA_NXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Xran@_String_base@std@@QBEXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
ws2_32
getpeername
WSAStartup
WSACleanup
htonl
bind
gethostname
listen
WSAAccept
WSASend
gethostbyname
inet_ntoa
inet_addr
WSAEnumNetworkEvents
recv
send
WSAEventSelect
WSACreateEvent
WSACloseEvent
WSASocketA
WSAGetLastError
htons
connect
WSARecv
socket
ioctlsocket
WSAWaitForMultipleEvents
closesocket
ntohs
odbc32
ord39
ord24
ord9
ord26
ord12
ord19
ord72
ord49
ord48
ord75
ord7
ord43
ord36
ord31
ord35
ord13
ord11
psapi
GetProcessMemoryInfo
GetModuleFileNameExA
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
winmm
timeKillEvent
timeGetTime
timeSetEvent
mmioAscend
mmioRead
mmioDescend
mmioGetInfo
mmioCreateChunk
mmioSeek
mmioSetInfo
mmioAdvance
mmioWrite
mmioClose
mmioOpenA
imm32
ImmGetConversionStatus
ImmSetConversionStatus
ImmReleaseContext
ImmNotifyIME
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmGetProperty
ImmGetContext
bugtrap
BT_InstallSehFilter
BT_SetSupportEMail
BT_SetFlags
BT_SetSupportURL
BT_SetAppName
BT_SetSupportServer
Sections
.text Size: 4.5MB - Virtual size: 4.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 601KB - Virtual size: 600KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 277KB - Virtual size: 115.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 201KB - Virtual size: 201KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ